Definition

content spoofing

Content spoofing is a type of exploit used by a malicious hackers to present a faked or modified Web site to the user as if it were legitimate. The intent is, typically, to defraud victims (as in phishing) although sometimes the purpose is simply to misrepresent an organization or an individual. Content spoofing often exploits an established trust relationship between a computer user and an organization.

The attacker typically leads an Internet user to spoofed content through e-mail, bulletin-board postings and chat-room transmissions. In some cases, an attacker may modify information and links in an established Web site by accessing and altering content on the server. The latter type of content spoofing is more difficult to detect because there is no readily apparent difference to the casual observer.

The most dangerous content spoofing is done with DHTML (dynamic HTML) content sources such as forms and log-in applications. When a Web page with spoofed content is viewed by an Internet user, the location bar displays what appears to be a legitimate URL. However, the attacker has generated or altered by the page. As a result, when the user enters sensitive data (such as a credit card number, password, bank account number, birth date, or Social Security number), the attacker can obtain the data for identity theft or some other fraudulent purpose.

This was last updated in September 2006

Continue Reading About content spoofing

The Web Application Security Consortium describes content spoofing and provides an example of how it is done.

Secunia identifies a content spoofing vulnerability in Windows, and provides links to appropriate patches.

Dig Deeper on Internet Application Security

What are the top enterprise email security best practices? Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the dangers of phishing.

IP Spoofing IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.

How do attackers build and use phishing kits? With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built.

man-in-the-middle attack (MitM) A man-in-the-middle attack is one in which the attacker secretly intercepts and relays messages between two parties who think they are communicating directly with each other.

How can address bar spoofing vulnerabilities be prevented? Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend against the threat.

How can phishing emails spoofing TLDs be avoided? Attackers have found a loophole in SPF verification and are using the .gov top-level domain to trick users with phishing emails. Expert Nick Lewis explains how to defend against the threat.

SearchCloudComputing

content spoofing

Continue Reading About content spoofing

Dig Deeper on Internet Application Security

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

SearchAppArchitecture

A guide to open source technology in application development

Finding the right fit for business process automation

Business process automation software requires a strategy

SearchITOperations

Put infrastructure automation at the heart of modern IT ops

Geek gifts 2019: Think Opex, not Capex with subscriptions

Dynatrace monitoring faces market ambivalence in NoOps push

SearchAWS

Prepare for an AWS outage with these preventative steps

AWS seeks niche in the cloud UC market

National Australia Bank cashes in on AWS training and certification

Continue Reading About content spoofing

Related Terms

Dig Deeper on Internet Application Security

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats